This is a Trojan horse that has the capability to delete all files on the user’s computer and create a major headache for the owner of the computer. The virus originated in November of 2000 and is a WinZip file (which is a special type of software that creates and manages Zip files).
The archive icon that the user sees has been amended to appear as an install package in a bid to fool the victim into executing the file. When the user clicks the icon, two dialog boxes come up.
“The first box informs the user that the self-extracting archive was created by a non-licensed WinZIP-Self-Extractor and it is prohibited to distribute that archive. The second box in the background is the standard WinZip copyright screen with the modified icon. The caption of that dialog box is “Win-Zip Self-Extractor [SIMPSONS.EXE] (What).”
Once the user presses this button, simpsons.bat is activated and the Trojan begins erasing the files in the system starting with the C: drive then progresses into the A: drive, B: drive, and finally the D: drive of the user’s computer.
Computer Associates, Inc. warned users that received the Trojan to not press okay. They then should turn off the computer, reboot it, and delete the self-extracting archive to prevent the virus from attacking their computer.
If the user does press “OK” then the archive extracts Simpsons.bat and Simpsons.bmp from the computer. Simpsons.bat automatically begins erasing all the files and directories on the computer. Simpsons.bmp is a regular Zip archive that contains three non- malicious files; ReadMe.txt, file_id.diz and sample.exe (What). This part is not a bitmap file, despite the type ending.
Simon Perry, Computer Associates’ Vice President of security soutions said, “We’ve seen many attacks recently that have used Microsoft’s VBS language, but we cannot forget that danger is packaged in many other ways — in this case a Trojan Horse. It’s very simple. On the heels of the ILOVEYOU and Stages of Life threats, we cannot stress how important it is for eBusinesses and users to protect their valuable data by using extreme caution before opening any unsolicited file (What).”
Computer Associates’ anti-virus software InoculateIT automatically detects the presence of the Simpsons Trojan horse. InoculateIT is unmatched management and virus protection. InoculateIT is certified by the International Computer Security Association (ICSA) to detect 100% of viruses “in the wild” and ensures a network is protected against potentially damaging and costly virus incidents (What).
The Simpsons Trojan horse virus can be very damaging to the user’s computer. It is capable of erasing all the files, documents, directories, etc. which would be devastating to the user. I could not find the number of people affected by this virus, but I’m sure it had devestating effects.
SOURCES:
- “New Trojan Horse Virus Discovered.” Internet Business News (2000): 1. ProQuest. Web. 3 Apr. 2014.
- “What Is “The Simpsons” Virus?” Animated TV. About.com Animated TV, n.d. Web. 03 Apr. 2014.